Using social networks for DDoS. Reddit as hacker tool.

Reddit is the hacking playground for today. While Reddit is just barely a "social network", with minor interactions between its members, it is a powerful site for spreading the latest cool thing, and in recent months it has been pretty much taken over by Ron Paul enthusiasts and Fox News conspiracy theorists. This morning one redditor posted a link to a so-called "slow SQL" request to the web site of the RIAA. The intent would be to get thousands of people to launch simultaneous SQL requests that would bog down the RIAA's web server, effectively creating a denial of service attack. Evidently the site was vulnerable to a simple SQL injection attack, which some other hacker proceeded to use to wipe the entire database behind the informational web site.

This has been going on most of the day, but as of this writing it appears that the operators of the RIAA web site have got it up and running and are successfully defending themselves against this malicious attack. Kudos to them for getting on the job so quickly on a Sunday! I am sure they will consider doing some web vulnerability scanning in the future, or even investing in web application firewalls à la Imperva or AppSec.
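A defender's view of the link-driven flood described above, as an added example that is not part of the original post: it scans access-log lines for one URL requested by many distinct clients arriving from the same referring site while responses are slow. The log layout (combined format plus a trailing request-time field), the thresholds, and every host, path and address in the sample are constructed assumptions.

```python
import re
from collections import defaultdict
from statistics import median
from urllib.parse import urlsplit

# Constructed sample: combined log format with the request time in seconds
# appended as the last field (an assumption about the server's log config).
SAMPLE_LOG = """\
198.51.100.1 - - [01/Jan/2000:09:00:01 +0000] "GET /report.php?id=LINKED HTTP/1.1" 200 512 "http://news.example/item/1" "UA" 8.2
198.51.100.2 - - [01/Jan/2000:09:00:05 +0000] "GET /report.php?id=LINKED HTTP/1.1" 200 512 "http://news.example/item/1" "UA" 9.1
198.51.100.3 - - [01/Jan/2000:09:00:09 +0000] "GET /report.php?id=LINKED HTTP/1.1" 200 512 "http://news.example/item/1" "UA" 7.7
198.51.100.4 - - [01/Jan/2000:09:00:30 +0000] "GET /report.php?id=LINKED HTTP/1.1" 200 512 "http://news.example/item/1" "UA" 10.4
203.0.113.9 - - [01/Jan/2000:09:00:12 +0000] "GET /index.html HTTP/1.1" 200 2048 "-" "UA" 0.1
203.0.113.9 - - [01/Jan/2000:09:00:40 +0000] "GET /report.php?id=7 HTTP/1.1" 200 300 "-" "UA" 6.0
"""

LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<target>\S+) [^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "[^"]*" (?P<secs>[\d.]+)$'
)

def find_link_floods(log_text, min_clients=3, slow_secs=5.0):
    """Return one alert per (minute, URL, referring host) group in which many
    distinct clients requested the same URL and the median response was slow."""
    groups = defaultdict(lambda: {"ips": set(), "secs": []})
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # ignore lines that do not match the assumed layout
        ref_host = urlsplit(m["referer"]).hostname or "-"
        minute = m["ts"][:17]  # "dd/Mon/yyyy:HH:MM" bucket
        group = groups[(minute, m["target"], ref_host)]
        group["ips"].add(m["ip"])
        group["secs"].append(float(m["secs"]))
    alerts = []
    for (minute, target, ref_host), group in sorted(groups.items()):
        mid = median(group["secs"])
        # A single slow request is not a flood; require both conditions.
        if len(group["ips"]) >= min_clients and mid >= slow_secs:
            alerts.append({"minute": minute, "target": target, "referer": ref_host,
                           "clients": len(group["ips"]), "median_secs": mid})
    return alerts

if __name__ == "__main__":
    for alert in find_link_floods(SAMPLE_LOG):
        print(alert)
```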

This event is a great study in mob behavior. There is no love lost between any technologist and the RIAA, which is viewed as a corporate King Canute commanding the tides to stop. So a call to action that involves a "minor" thing like clicking on a link that sets off a malicious attack got at least 649 up mods (users' votes). Did 659 people click through? There is no way to know, and it is a moot point because some impatient hacker took it upon himself to execute a more targeted attack.